Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11068
HistoryJul 11, 2017 - 12:00 a.m.

KLA11068 Denial of Service Vulnerability in Microsoft .NET Framework

2017-07-1100:00:00
Kaspersky Lab
threats.kaspersky.com
35

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON

Detect date:

07/11/2017

Severity:

Warning

Description:

An improper handling of web requests has been found in Microsoft Common Object Runtime Library. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited by issuing specially designed requests to the .NET web application.

Affected products:

Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2017-8585

Impacts:

DoS

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2017-85855.0Warning

Microsoft official advisories:

KB list:

4025342
4025339
4025344
4025338

Related

veracode 1
cve 1
prion 1
github 1
osv 1
redhatcve 1
mscve 1
nessus 5
redhat 1
openvas 4
mskb 4
talosblog 1
trendmicroblog 1
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:37:47
cve
cve
CVE-2017-8585
2017-07-11 21:29:00
prion
prion
Denial of service
2017-07-11 21:29:00
github
github
Improper Input Validation in Microsoft.NETCore.App
2022-05-17 00:19:03
osv
osv
Improper Input Validation in Microsoft.NETCore.App
2022-05-17 00:19:03
redhatcve
redhatcve
CVE-2017-8585
2017-11-14 23:19:44
mscve
mscve
.NET Denial of Service Vulnerability
2017-07-11 07:00:00
nessus
nessus
RHEL 7 : .NET Core (RHSA-2017:3248)
2017-11-27 00:00:00
KB4025338: Windows 10 July 2017 Cumulative Update
2017-11-03 00:00:00
KB4025344: Windows 10 Version 1511 July 2017 Cumulative Update
2017-07-11 00:00:00
redhat
redhat
(RHSA-2017:3248) Low: .NET Core security update
2017-11-20 11:02:54
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4025338)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025344)
2017-07-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4025339)
2017-07-12 00:00:00
mskb
mskb
July 11, 2017—KB4025338 (OS Build 10240.17488)
2017-07-11 07:00:00
July 11, 2017—KB4025344 (OS Build 10586.1007)
2017-07-11 07:00:00
July 11, 2017—KB4025342 (OS Build 15063.483)
2017-07-11 07:00:00
talosblog
talosblog
Microsoft Patch Tuesday - July 2017
2017-07-11 12:59:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of July 10, 2017
2017-07-14 12:00:02

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.009 Low

EPSS

Percentile

82.7%

JSON
Related for KLA11068
veracode1cve1prion1github1osv1redhatcve1mscve1nessus5redhat1openvas4mskb4talosblog1trendmicroblog1